The press releases on this website are provided for historical reference purposes only.
Please note that certain information may have changed since the date of release.
September 14, 2012
The RC-SA00*2 next-generation FeliCa IC chip developed by Sony Corporation is the world’s first contactless IC card chip with embedded software to acquire EAL6+ certification of Common Criteria (ISO/IEC 15408), the international standard for evaluation criteria for IT security.
In addition to the conventional DES (Data Encryption Standard) encryption algorithm, the RC-SA00 FeliCa IC chip is equipped with AES (Advanced Encryption Standard), a new-generation standard of encryption algorithm, to provide advanced security and performance for mutual authentication and encrypted communication with a reader/writer device. Sony began volume shipments of this product in summer of this year.
The EAL (Evaluation Assurance Level) in Common Criteria ranges from EAL1 to EAL7, and EAL6+ is defined as a level that offers extremely high security assurance for protecting high-value assets against severe security risks.
The RC-SA00 next generation FeliCa IC chip received EAL6+ certification from a third-party security evaluation body, and Sony will work towards introducing it into markets that demand robust security towards the future, for conventional applications that stress high security and performance, as well as for financial and payment purposes.
Since 1996, Sony has shipped over 600 million*3 card chips and Mobile FeliCa chips, which have been incorporated into cards and mobile phones for applications ranging from transportation passes to electronic money. Sony will aim to create new services and lifestyles by continuing its efforts to increase NFC/FeliCa products, as well as to expand the environment that delivers user convenience through simple “tap.”
This refers to the international standards for evaluating whether products and systems relating to information technology have been adequately designed, and whether this design has been implemented correctly from an information technology security perspective.
|EAL level||Expected level of security assurance|
|EAL 1||The assurance level used when safe usage or operation is ensured, based on the assumption that the operation will be carried out in a closed environment.|
|EAL 2||The assurance level for products used in environments with limited users or developers, in which there are no serious threats endangering secure operation of the product(s).|
|EAL 3||The assurance level for products used in environments that can be accessed by unspecified users and in which measures against illicit acts are required.|
|EAL 4||The assurance level for products manufactured on security-conscious development and production lines that have been introduced with the objective of realizing commercial products or systems that assure a high level of security.|
|EAL 5||The assurance level for products developed and manufactured with the support of security expert(s) to ensure the maximum security of commercial products or systems in a specific field.|
|EAL 6||The assurance level for specialized products developed by applying security engineering technology in a development environment to protect high-value assets against severe security risks.|
|EAL 7||This is the highest of the defined evaluation assurance levels and is aimed at products developed with the objective of protecting assets in extremely high-risk environments or that carry high development costs|
Source: ‘Pamphlet on ISO/IEC 15408 IT Security Evaluation and Certification Scheme from the Information-technology Promotion Agency, Japan (IPA).